
Comment Get an incident handler in there (Score 1) 256

FTA: "... the city found that the system serving as the distribution point ... was a print server. However, an exact copy of the malware on that server may never be recovered, as city computer technicians quickly isolated and rebuilt the offending print server."

Ok, if I have a single workstation with "AntiVirus 2009", I will probably nuke it without a second thought. If one of my servers has been commandeered to serve as the command and control channel for a worm that just ate 800 of my PCs, I SURE AS HELL AM GOING TO GET A dd OR OTHER FORENSICALLY SOUND IMAGE OF THE MACHINE BEFORE I WIPE IT!!!!!!!!! For crying out loud, they contacted the FBI, but they just destroyed what could have been the single most important piece of evidence! Do they have a Best Buy in Norfolk? For $100 they could have brought the machine up on a clean hard disk and set the existing one aside for forensic examination without wasting the time of taking an image of the drive.

Also, they have no idea how the attack occurred, but they are sure it didn't come from the internet. Any evidence to back that up? It's one thing to say it probably didn't come from the internet because our logs show no traffic to support that possibility. It's ridiculous to make that same statement based on a gut feel.

If this article is accurate, these guys are playing amateur hour IT security. Their first action should have been to contact a qualified incident handler.
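The "forensically sound image" the comment calls for, as an added example that is not part of the original post: a small POSIX shell function that images a source with dd, hashes source and image with sha256sum, and records both hashes plus timestamps in a log file so the copy's integrity can be shown later. It assumes GNU coreutils (for `dd status=none`) and a source whose size is a multiple of 512 bytes (any block device; for a dry run, a regular file); on a live case the source would be a read-only or write-blocked device read from a clean boot medium, as the comment suggests.

```bash
#!/bin/sh
# Forensic acquisition helper (added example, not the commenter's code).
# acquire_image SOURCE DEST
#   writes DEST (raw image) and DEST.log (hashes, timestamps, dd errors)
#   returns 0 only when the source and image hashes match.
acquire_image() {
    src="$1"
    dest="$2"
    log="${dest}.log"

    printf 'acquisition start: %s\nsource: %s\n' "$(date -u +%FT%TZ)" "$src" > "$log"

    # Hash the source first so any later change to the device is detectable.
    src_hash=$(sha256sum "$src" | cut -d' ' -f1) || return 1

    # bs=512 matches the sector size, so conv=sync only pads blocks that
    # actually failed to read; conv=noerror keeps going past bad sectors
    # instead of aborting and leaving a short image.
    dd if="$src" of="$dest" bs=512 conv=noerror,sync status=none 2>>"$log" || return 1

    img_hash=$(sha256sum "$dest" | cut -d' ' -f1) || return 1
    printf 'source sha256: %s\nimage  sha256: %s\n' "$src_hash" "$img_hash" >> "$log"

    if [ "$src_hash" = "$img_hash" ]; then
        printf 'result: VERIFIED %s\n' "$(date -u +%FT%TZ)" >> "$log"
        return 0
    fi
    # A mismatch means read errors were padded or the source changed underneath us.
    printf 'result: MISMATCH (do not rely on this image)\n' >> "$log"
    return 2
}
```

The log file stays beside the image as the start of a chain-of-custody record; a mismatch tells you to re-image rather than hand an unverified copy to investigators.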

Comment Which is cheaper? (Score 3, Insightful) 123

They are effectively shifting the work of verification to the recipient of the letter. If you are guilty, they found their mark. If you haven't done what they accuse you of, you will probably be indignant enough to go through some effort to correct their "error". Sending out the letters without verification requires almost no work from them, has no risk, and sometimes gets them money. Verification would only add more work with no payback in reduction of risk or increase in monetary return.

I am surprised more people don't see this as a shakedown racket. Also, since the RIAA gets money in return for the cost of a trained monkey running mailmerge in Microsoft Word, I don't see why they haven't purchased an electronic copy of the phone book so they can simply send out letters to everyone in the country.


The Struggle For Private Game Servers 125

A story at the BBC takes a look at the use of private game servers for games that tend not to allow them. While most gamers are happy to let companies like Blizzard and NCSoft administer the servers that host their MMORPGs, others want different rules, a cheaper way to play, or the technical challenge of setting up their own. A South African player called Hendrick put up his own WoW server because the game "wasn't available in the country at the time." A 21-year-old Swede created a server called Epilogue, which "had strict codes of conduct and rules, as well as a high degree of customized content (such as new currency, methods of earning experience, the ability to construct buildings and hire non-player characters, plus 'permanent' player death) unavailable in the retail version of the game." The game companies make an effort to quash these servers when they can, though it's frequently more trouble than it's worth. An NCSoft representative referenced the "growing menace" of IP theft, and a Blizzard spokesperson said, "We also have a responsibility to our players to ensure the integrity and reliability of their World of Warcraft gaming experience and that responsibility compels us to protect our rights."

Comment Re:Different Approach (Score 1) 1006

"... can quote the $250,000 fines the BSA can assess PER VIOLATION..."

The BSA cannot assess anything. They have no legal authority to do so. What they can do is ask you to pay money in a settlement rather than engaging in a very long and expensive legal battle against them. If the case has very clear-cut evidence, paying $250,000 may well be cheaper, quicker and simpler than a court battle, even for a very small company.

Comment Re:It's pretty fun (Score 1) 137

In many cases, the webserver IS the app server.

This sort of feature could be very useful for those smaller shops and cheap shops who haven't yet created a dedicated Web tier, or for all those internal webservers which host the Wiki, etc.

If they are smaller/cheaper shops, they probably aren't playing around with heavy virtualization to begin with. If you are virtualizing your example box, you're doing it wrong.

But what if half the webservers drop off because the circuit which powers that side of the cage went down? And the 'redundant' power supplies on your machines weren't really 'redundant' (Thanks Dell)?

Get a better UPS setup. If you have entire racks of systems that fill a cage, and your servers all shut down because their power died, you're doing it wrong. Rather than plugging all of the servers into individual UPS systems, get a UPS that covers all the circuits for the cage. And a generator.

Comment Think of the future! (Score 1) 301

More than anything else, executives don't want to be surprised. Giving them the weekly page response numbers is fine, but what they really need is forward-looking analysis based on those numbers and your experience. Something like "looking at the current load capabilities of our web servers, we will probably need to spend some capital on additional web servers if we add more than 500 additional reporting sites. Looking at our current growth rate of adding 50 sites per month, it looks like that money will need to be spent in less than 10 months to support continued growth." What they REALLY hate is when you run into their office at 12:30 on Friday afternoon yelling "Our systems hit the wall with that last new customer. I need $25k NOW!" Also, you've covered your butt by notifying them about serious issues that could affect the business with enough time to plan.

They may not actually spend the money that you have recommended, but if you have a trail to document your recommendations, you may be able to avoid getting blamed when the web servers can't handle the load when that big new customer gets signed.

Comment They are making it worse (Score 1) 462

I follow a number of security-focused mailing lists, and about once every two or three months someone posts something like this: "Help! The plant managers at $CRITICAL_INFRASTRUCTURE_SITE where I work want to have all the formerly air-gapped SCADA systems accessible via a web browser from any internet-connected PC so they can check the plant status from home, on vacation, while at conferences etc. I haven't been able to talk them out of it, can anyone help with a better argument?"

What reasoning do you propose to people whose response to the argument of "if we are hacked, the loss of life and bankruptcy of our company will come back to you" is "you IT guys are too paranoid"?

Until people start going to jail, profit and convenience will trump everything else.
